Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: When do exploits get used?
From: Luke Scharf <lscharf () aoe vt edu>
Date: Mon, 22 Mar 2004 17:42:44 -0500

On Mon, 2004-03-22 at 17:13, Jay Beale wrote:
Patching isn't really 90%.  It seems like that because organizations 
still aren't keeping up with patches and thus don't know what would have 
happened if they had.  It seems like that because we're not getting 
caught in the first two parts of our windows of vulnerability that often 
just yet.  If a worm comes out in time window 1 or 2, your 1-hour patch 
turnaround won't save you.

My point is that if one forgets the fundamentals, all of the
firewalling, GPO setups, nifty scripts, and other work is useless.

What good is your firewall if you forgot to patch it and it's being
controlled from outside? :-)


Luke Scharf, Systems Administrator
Virginia Tech Aerospace and Ocean Engineering

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]